This month, Discord disclosed that there was a data breach that happened... and now, the blame game is starting.
Who did what: Discord security incident
Discord blamed a service provider for the hack that happened to its servers, but now this company is claiming that it wasn't the cause of it, nor were they serving the data that was stolen.
Discord disclosed about this "Security Incident" back in early October. Reportedly, approximately 70,000 users were affected. After the initial notice about the hack was published, Discord then updated the page and directed the blame for the hack onto one of its providers.
According to Discord, there was a "breach" of third-party service provider 5CA. Discord says that this partner is used in its customer support system. Then, on October 14, 5CA responded to this claim, arguing that its systems were not involved.
5CA also claims that it hasn't handled any government-issued IDs for Discord itself.
Who do you think is really at fault for the Discord breach?
Discord itself
0%
5CA, the service provider
0%
Both are hiding something
66.67%
Too early to tell
33.33%
Reportedly, the breach involved a leak of tens of thousands of passports and driving license photographs, which were used for age verification.
5CA also claims that its systems are still secure, and client data is protected. The company goes on to say that it's also performing its own investigation and working with Discord and experts in cybersecurity on the issue.
Image Credit - Discord
Meanwhile, some early findings suggest that the company wasn't hacked, says 5CA. However, 5CA also claims that it's possible that the breach happened from "human error", but it doesn't specify more on this, and what it actually means.
Both are pretty much publicly arguing about who's at fault
Neither Discord's nor 5CA's press releases and notices are fixing the situation; we're obviously talking about two companies trying to control the narrative, or at least trying to deflect blame from the topic. And it's a serious thing: a data breach with sensitive information happened. And that's that.
Discord has basically named a company, which seems like a move to limit the damage to Discord's reputation. Of course, at this point, nobody knows whether Discord is accurate, and 5CA denies the allegations. Of course, we don't know if 5CA is also telling the truth. We need to wait for a trusted third-party or law enforcement to investigate and figure things out before we make any conclusions.
Recommended Stories
Another change that Discord made to its initial notice is adding the number of affected users. Initially, the company claimed it was a "limited number of users", without giving us a direct number, and then a few days later, the figure 70,000 was added to the post.
Unfortunately, it's a serious breach involving images of government-issued IDs. These were sent as part of a process for age-verification appeals. Like many apps, Discord also has to confirm the age of its users to ensure that they are not children viewing prohibited content on the platform.
Discord's messages or activities of users were not part of the breach.
However, data taken in the breach includes:
Usernames
Discord usernames
Email addresses
Other contact details given to Discord customer support
Payment types
Last four digits of a user's credit card
Purchase history
Messages with customer support
IP addresses
"Limited corporate data" such as training materials
Luckily, at this moment, it seems that the data isn't being sold or used anywhere. However, these details could be used in further hacks or attacks.
Discord is contacting the affected users about the breach, and it should also be explaining to them what data was leaked.
All in all, 70,000 users is still relatively a small number against Discord's total user base, which is approximately 689 million registered users.
If you're not directly affected by the breach, keep in mind that you may still experience messages based on that breach. Malicious users may try to use the breach to manipulate you. Keep in mind to always question people you don't know who are contacting you, don't open any suspicious links, or download any suspicious files.
Hacks do happen, but this is angering
I find it awful that so much sensitive information has leaked. I'm always hesitant about sending government-issued ID cards and other stuff like that to any type of company, and I've actually almost never done that. Yep, companies are secure, but still, you see what can happen.
I hope the affected users get some compensation out of all of this. And it really angers me. 70,000 people are still... well, a huge number of people in my book.
"Iconic Phones" is coming this Fall!
Relive the most iconic and unforgettable phones from the past 20 years! Iconic Phones is a stunningly illustrated book we’ve been crafting for over a year—and it’s set to launch in just a couple of months!
Iconic Phones: Revolution at Your Fingertips is the ultimate coffee table book for any phone enthusiast. Featuring the stories of more than 20 beloved devices, it takes you on a nostalgic journey through the mobile revolution that transformed our world. Don’t miss out—sign up today to lock in your early-bird discount!
Izzy, a tech enthusiast and a key part of the PhoneArena team, specializes in delivering the latest mobile tech news and finding the best tech deals. Her interests extend to cybersecurity, phone design innovations, and camera capabilities. Outside her professional life, Izzy, a literature master's degree holder, enjoys reading, painting, and learning languages. She's also a personal growth advocate, believing in the power of experience and gratitude. Whether it's walking her Chihuahua or singing her heart out, Izzy embraces life with passion and curiosity.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: